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APPEAL BRIEF 



Honorable Commissioner: 

This is an Appeal Brief filed pursuant to 37 CFR § 41 .37 in response to the Final Office 
Action of April 11. 2008 (hereinafter the ''Office Action' 1 ), and pursuant to the Notice of 
Appeal filed July 10, 2008. 

REAL PARTY IN INTEREST 

The real party in interest in accordance with 37 CFR § 41.37(c)(I)(i) is the patent 
assignee. International Business Machines Corporation ("IBM"), a New York corporation 
having a place of business at Armonk, New York 10504. 

RELATED APPEALS AND INTERFERENCES 

There are no related appeals or interferences within the meaning of 37 CFR § 
41.37(c)(l)(ii). 
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STATUS OF CLAIMS 

Status of claims in accordance with 37 CFR § 4 ! .37(c)(l )(iii); Twenty-eight (28) claims 
are filed in the original application in this case. Claims 1-28 are rejected in the Office 
Action. Claims 1-28 are on appeal. 

STATUS OF AMENDMENTS 

Status of amendments in accordance with 37 CFR § 41 .37{c)( 1 )(iv): No amendments 
were submitted after final rejection. The claims as currently presented are included in the 
Appendix of Claims that accompanies this Appeal Brief; 

SUMMARY OF CLAIMED SUBJECT M ATTER 

Appellants provide the following concise summary of the claimed subject matter 
according to 37 CFR § 41 ,37(c)(l )(v). This summary includes a concise explanation of 
the subject matter defined in each of the independent claims involved in the appeal and 
includes references to the specification by page and line number and to the drawings by 
elements. The three independent claims involved in this appeal are claims 1 ? 10 ? and 19. 
Claims 1 is a method claim. Claims 10 and 19 recite counterpart aspects of the method of 
claim 1. Claim 10 recites system aspects of the method of claim 1 . Claim 19 recites 
computer program product aspects of the method of claim 1. 

This summary also includes an explanation of the subject matter defined in dependent 
claims 3 5 6, 12, 15, 21, and 24. Claim 3 is a method claim. Claims 12 and 21 recite 
counterpart aspects of the method of claim 3. Claim 12 recites system aspects of the 
method of claim 3. . Claim 21 recites computer program product aspects of the method of 
claim J. Claim 3 is a method claim. Claims 1 5 and 24 recite counterpart aspects of the 
method of claim 6. Claim 1 5 recites system aspects of the method of claim 6. Claim 24 
recites computer program product aspects of the method of claim 6, 
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Clairn f redtes a metfiod for cross domain security information conversion (page 12, 
lines 28-ll9| Eigtire 2); Themethod of claim 1 includes receiving from a .system entity, in 
a securiiy service, 'security' information in a native format of a first security domain 
regarding a system entity having an identity in at least one security domain (page 12, line 
'3jQ-— j>age' .M^ line J,;;=fr:i^re-5 : j elements 202, I10 ? 102, aifid 212$; The method of claim 1 
also includes translating the -security inforniation to a canonical format for security 
information (page 15, lines 20-21; Figure 2 5 elements 204 and 214), The method of claim 
1 also includes tr^isforlnirtg the Security information in the canonical format using a 
p^defined rri^ domain to a second security domain (page 19, 

lines 1 i-13; Figure % elements 206 and 214). The method of claim I also includes 
transtatinf the transformed security information in the canonical format to a nati ve format 
of the second security domain (page 24, lines 4-6: Figure 2, elements 208 and 2 1 6). The 
method of elaim 1 alko includes returning to the system entity the security information in 
the native format of the second security domain (page 24 s lines 14-16; Figure 2, elements 
210and2«). 

Claim 3 recites the method of claim 1 wherein recei ving security information flirther 
eomprises receiving a request for security information for the second security domain, 
wherein the, request encapsulates the security information in a native format of a first 
security domain, (page: 11, line 31 - page 12, line 2; Figure 1, elements 108 and 106). 

Claim 6 recites the method of claim 1 wherein translating the security information in a 
native "format of a first security domain to a canonical format is carried out through a 
procedural software function, (page 17, line 23-3 1 ; Figure 2, elements 204 and 214), 

Claim 1 0 recites a system for cross domain security information conversion (page 12, 
lines 28-29; Figure 2). The system of claim 10 includes means for recei ving from a 
system entity, in a security service, security information in a native format of a first 
security domain regarding a system entity having an identity in at least one security 
domain (page 1 2, line 30 — page 13, line 1 ; Figure 2, elements 202, 1 1 0, 1 02 ; and 2 12). 
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The system of claim 10 also includes means for translating the security information to a 
canonical format for security information (page 15, lines 20-21: Figure 2. elements 204 
and 214). The system of claim 10 also includes means for transforming the security 
information in the canonical format using a predefined mapping from the first security 
domain to a second security domain (page 19, lines 1 1-13: Figure 2, elements 206 and 
214). The system of claim 10 also includes means for translating the transformed 
security information in the canonical format to a native format of the second security 
domain (page 24, lines 4-6; Figure 2, elements 208 and 21 6); The system of claim 1 0 
also includes means for returning to the system entity the security information in the 
native format of the second security domain (page 24, lines 14-16; Figure 2, elements 210 
and 2 18). 

Claim 12 recites the system of claim 1 0 wherein means for receiving securi ty information 
further comprises means for receiving a request for security information for the second 
security domain, wherein the request encapsulates the security information in a native 
format of a first security domain, (page 1 1, line 31 - page 12, line 2; Figure 1, elements 
108 and 106). 

Claim 1 5 recites the system of claim 1 0 wherein means for translating the securi ty 
information in a nati ve format of a first security domain to a canonical format comprises 
a procedural software function, (page 1 7 S line 23-3 1 ; Figure 2, elements 204 and 214). 

Claim 19 recites a computer program product for cross domain security information 
conversion (page 12 3 lines 28-29; Figure 2). The computer program product of claim 19 
includes a recording medium (page 6, lines 1 8-19). The computer program product of 
claim 19 also includes means, recorded on the recording medium, for receiving from a 
computer program product entity, in a security service, security information in a native 
format of a first security domain regarding a computer program product entity having an 
identity in at least one security domain (page 12, line 30 - page 13, line 1 ; Figure 2, 
elements 202 a 110, 102, and 212). The computer program product of clai m 19 also 
includes means, recorded on the recording medium, for translating the security 
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information to a canonical format for security information (page IS, lines 20-21 ; Figure 
2, elements 204 and 214). The computer program product of claim 19 also includes 
means, recorded on the recording medium, for transforming the security information in 
the canonical format using a predefined mapping from the first security domain to a 
second security domain (page 19, lines 1 1-13; Figure 2. elements 206 and 214). The 
computer program product of claim 19 also includes means, recorded on the recording 
medium, for translating the transformed security i nformat ion in the canonical format to a 
native format of the second security domain (page 24, lines 4-6; Figure 2, elements 208 
and 216). The computer program product of claim 19 also includes means, recorded on 
the recording medium, for returning to the computer program product entity the security 
information in the native format of the second sec urity domain (page 24 ; l ines 14-16; 
Figure % elements 2 10 and 21 8). 

Claim 21 recites the computer program product of claim 19 wherein means, recorded on 
the recording medium, for receiving security information further comprises means, 
recorded on the recording medium, for recei ving a request for security information for the 
second security dbnminL wherein the request encapsulates the security information in a 
native format of a first security domain, (page 11, line 31 - page 12, line 2; Figure I. 
elements 108 and 106). 

Claim 24 recites the computer program product of claim 19 wherein means, recorded on 
the recording medium, for translati ng the security information in a native format of a first 
security domain to a canonical format comprises a procedural software function, (page 
17, line 23-31; Figure 2, elements 204 and 214). 

GROUNDS OF REJECTION 

In accordance with 37 CFR § 41 .37(c)(l )(vi), Appellants provide the following concise 
statement for each ground of rejection; 

1. Claims 10-28 stand rejected under 35 U.S.C. § 101 on grounds that the claims 



5 



AUS920040010US1 
APPEAL BRIEF 

tMile non-siatiitory subject matter. 

2; Claims lr6, 10-15, 1 9-24, and 27 stand rejected under 35 § 1 02(b) over 

Bm & a£ 9 (U,S; Patent 6,981,043), 

3. Claims 7-9, 16r 1 8 ?; 25-26, and 28 stand rejected for obviousness under 35 U r S.C 
."§• 103(a) as being unpatentable over Botz in view of Bussler ei al. (U.S. Patent 

ARGUMENT 

Appellants present the following argument pursuant to 37 CFR § 4 1 .37(c)( t)(vii) 
regarding the ground of rejection on appeal in the present case. 

Argument Regarding The First Ground Of Rejection On Appeal; 
mmm Stand Rejected Under 35 U.S.C. § 101 On Grounds 
That The Claims Recite Non-statutory Subject Matter 

Claims 10-2* stand rejected under 35 U.S.C, § 101 as being directed to non-statutory 
subject matter; The Office Action at page 2, states; 

Claims 10-28 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. These claims do not 
restrict the claimed invention to statutory classes of invention, Rathe^ the 
specification defines 1 computer program products embodied on a recording 
medium to encompass transmission media. (See Specification, pg. 6, line 
22) Hence, these claims are limited to statutory subject matter. 

That is, the Office Action takes the position that Appellants' usage of the term 4 recording 
medium' in claims 19-28 renders Appellants 5 claims outside realm of statutory subject 
matter because 'recording medium 5 encompasses 'transmission medium/ As confirmed 
in the telephone conversation with Examiner Kim on December 12 a 2007, claims 10-18 
are rejected as non-statutory subject matter because the 'means' in the 'means lor' 
limitations of claims 10-18 may include the 'recording medium* of claims 19-2$. For the 
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reasons discussed below; Appellants' claims 19-28 that include 'recording medium' are 
statutory subject matter entitled to patent protection. As such. Appellants* claims 10-18 
are also within the realm of statutory subject matter, and the rejection of Appellants' 
claim 10-28 under 35 ILS.C. § 1:01 should be withdrawn. 

In asserting that Appellants^ claims are directed toward non-statutory subject matter 
because *recprdihg medium , encompasses 'transmission medium, 1 the Office Action 
implies that Appellants 5 claims are directed toward non-statutory subject matter because 
a 'transmission medium' may be used to transfer signals. The current law regarding the 
patentability of signals is In re Nuijten, No. 06-1371 (Fed. Cir. 2007). In Nuijten, the 
Court held that a signal, claimed as signal is not statutory' subject matter eligible for 
patentability. Appellants note in the present application, however, that Appellants are not 
claiming a signal as a signal — rather. Appellants are claiming a computer program 
product that includes a recording medium on which suitable programming means may be 
recorded. In fact, the Court in Nuijten noted that the Board of Patent Appeals and 
interferences C BP Al\) decided that a similar claiming pattern in Nuijten was directed 
toward statutory subject matter stating: 

Finally, Nuijten's allowed Claim 15 is directed to "[a] storage medium 
having stored thereon a signal with embedded supplemental data..." 

On appeal, the Board reversed the double-patenting rejections. As to 
Claim 1-5, it found that "(flhe storage medium in claim 15 nominally puts 
the claim into the statutory category of a 'manufacture 535 and thus reversed 
the Examiner's § 101 rejection of that claim. 

For the same reasons that the BPA1 held that the claims in Nuijten directed toward 
storage medium having stored thereon a signal with embedded supplemental data, 
Appellants submit that claims 1 9-28 directed toward a computer program product that 
includes a recording medium on which suitable programming means may be recorded is 
also patentable under 35 U.S.C. §101. As such. Appellants' claims 10-18 are also 
directed toward statutory subject matter. 
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Furthermore, Appellants noted that even though the term 'recording medium' 
encompasses the term 'transmission medium/ Appellants' original specification 
describes a "transmission medium' as being a suitable recording medium for machine- 
readable information, which is used to embody the computer program product claimed in 
the present application. Nothing in the cited reference or any other language in the 
specification or the claims describes "transmission media 5 as a signal or under any 
reasonable interpretation implies that Appellants are claiming a signal. In addition, 
Appellants note that the Fifth Edition of the Microsoft Computer Dictionary defines the 
term 'media' as "a physical material, such as paper, disk, and tape, used for storing 
computer-based /information'* One of ordinary skill in the art would therefore understand 
that transmission media' is a physical material and entitled to patent protection under 35 
U.S.C. § 101 as an artideolmanufecture or a composition of matter. The rejections of 
claims 10-28 under 35.U.SX. § 101 are improper, and should therefore be withdrawn. 
Appellants respeetfully request reconsideration of claim 10-28. 

Argument Regarding The Second Ground Of Rejection 
On Appeal: Claims 1-6, 10-15, 19-24, and 27 Are 
Rejected Under 35 U.S.C. § 102(b) Over Botx 

Claims 1-6, 10-15, 19-24, and 27 stand rejected under 35 U.S.C. § 102 as being 
anticipated by Boiz r eiaL (U.S. Patent No. 6,981,043), To anticipate claims 1-6, 10-15, 
19-24, and 27 under 35 U.S.C. § 1 02, Botz must disclose each and every element and 
limitation recited in the claims of the present appl ication. 

Bote Does Not Disclose Each And Every Element 
Of The Claims Of The Present Application 

* ; A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference." Verdegaal Bros. 
v. Union OH Co. of California, 8 1 4 F.2d 628, 63 1 . 2 USPQ2d 1051, 1 053 (Fed. Cir. 
1987). Independent claim 1 recites: 
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1 . A method for cross domain security information conversion, the 
method comprising: 

receiving from a system entity, in a security service, security 
information in a native format of a first security domain regarding 
a system entity having an identity in at least one security domain; 

translating the security information to a canonical format for 
security information; 

transforming the security information in the canonical format using 
a predefined mapping from the first security domain to a second 
security domain; 

translating the tramformed security information in the canonical 
format to a native format of the second security domain; and 

returning to the system entity die security information in the native 
format of the second security domain. 

As explained below, Botz does not disclose each and every element and limitation recited 
in the claims of the present application and therefore does not anticipate the claims of the 
present application. 

Bote Does Not Disclose Receiving From A System Entity, In A Security 
Service, Security Information In A Native Format Of A First Security 

Domain And Returning To The System Entity The Security 
Information In The Native Format Of The Second Security Domain 

The Office Action takes the position that Botz at column 14, lines 1 7-34 2 discloses: 
receiving from a system entity, in a security service, security information in a native 
format of a first security domain regarding a system entity having an identity in at least 
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one security domain and returning to the system entity the security information in the 
native format of the second security domain. Appellants respectfully note in response, 
however, that what Botz at col umn 14, l ines 17-34 ? in fact discloses is: 



The identity mapping mechanism of the present invention provides an 
infrastructure for creating mappings between local user identities in 
different user registries on a network. In the preferred embodiment, a 
global identifier is created for each user, and each local user identity that 
corresponds to the global identifier is mapped to the global identifier. 
Once the relati&oship between the local user identities and the global 
identities is established, the infrastructure can then be used to determine 
from one local user identity a corresponding local user identity in a 
different user registry, the identity mapping mechanism thus allows user 
information in one environment to automatically retrieve user information 
in a different environment thereby avoiding the necessity of the user 
remembering multiple usernames and passwords. Once a user it authorized 
to the network, and requests access to a resource, the security semantics 
for obtaining access to the resource may be satisfied by invoking the 
appropriate EliM APIs and submitting the appropriate security 
information. 

That is, Bote, at column 14, lines 1 7-34 ? discloses a user identity mapping mechanism tor 
creating mappings between user identities in different user registries on a network, 
Botz-s user identity- mapping mechanism that creates mappings between user identities in 
different user registries on a network, however, does not disclose receiving from a system 
entity, in a security service, security information in a native format of a first security 
domain regarding a system entity having an identity in at least one security domain and 
returning to the system entity the security information in the native format of the second 
security domain as claimed in the present application because B'otz's user identity 
mapping mechanism operates exclusively within a single domain to correlate a user's 
local user identities stored in different user registries within the . single domain. Botz at 
column 9, line 59, states that a domain "represents a logical division for managing user 
identities;" Botz then goes on to describe how a global identifier for a user is used to 
map a user's local identity in a user registry within a domain to that user's local identity 
in a different user registry within the same domain. See Botz at column 9 ? line 59. 
through column 10, line25 3 and Figure 14. That is, Botz discloses mapping user 
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identities within a single domain. Because Botz's user identity mapping mechanism 
operates exclusively within a single domain to correlate a user's local user identities 
stored in different user registries within the single domain, Botz does not disclose 
multiple domains, Without disclosing multiple domains, Botz cannot disclose a second 
security domain, as claimed in the present application. Because Botz does not disclose a 
second security domain, Botz does not disclose receiving security information in a native 
format of afirst security domain and returns the security information in the native format 
of a second security domain as claimed in the present application. Because Botz does 
not disclose each and every element and limitation of Appellants* claims, Botz does not 
anticipate Appellants- claims, and the rejections under 35 U.Sf. § 102 should be 
withdrawn, 

Botz Opes Not Disclose Translating The Security information 
To A Canonical Format For Security Information 

"fhedffice Action takes the position that Botz at column 9, lines 46-54 and Figure 10 
discloses: translating the security information to a canonical format for security 
information and; tmnsferming the security information in the canonical format using a 
predefined mapping from the first security domain to a second security domain. 
Appellants respectfully note in response, however, that what Botz at column 9, lines 46- 
54, in fact discloses is: 

A global identifier is generated that corresponds to a user (step 1310). We 
assume for this example that this user has a first user identity in a first user 
registry, and a second user identity in a second user registry. The first user 
identity is mapped to the global identifier (step 1320). The second user 
identity is also mapped to the global identifier (step 1330). Because both 
local user identities are now mapped to a common global identifier, the 
mapping between these two local user identities can be easily determined 

That is, Botz at column 9. lines 46-54, discloses mapping user identities in separate user 
registries to a single global identifier. Botz's mapping user identities in separate user 
registries to a single global identifier does not disclose translating the security 
information to a canonical format for security information and transforming the security 
information in the canonical formal using a predefined mapping from the first security 
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domain to a second security domain, as claimed in the present application, because 
Bote's mapping is not translati ng, as clai med in the present Application, As clai med in 
the present application, information is translated from one format to a canonical format. 
In the original specification, Appellants at page 1 5 S line 3 1 - page 1 6 r line 2, define a 
canonical format as a "data format for security information that is standardized for use in 
data transformations of security information." in contrast to security information that is 
translated front one format to a data format that is standardized for use in data 
transformations/Of security information, Botz discloses mapping. Botz discusses 
mapping as collating multiple user identities in different environments to a single user. 
See Botz at column 5, lines 42-50. Correlating multiple user identities in different 
environments to a single user does not include translating security information from one 
format to a data format that is standardized for use in data transformations of security 
information^ In fact, at no poi nt in the reference does Botz discuss the topic of translating 
data formats or even mention the keyword "canonical/" Without disclosing translating 
data formats, Botz does not disclose translating the security information to a canonical 
format for security information, as claimed in the present application. Because Botz does 
not disclose each and every element and limitation of Appellants' claims, Botz does not 
anticipate Appellants' claims, and the rejections under 35 U.S.C. § 102 should be 
withdrawn. 

In Response To Office Action's 'Response to Arguments' 

The Office Action responds to Appellants' previous arguments in a Response to 
Arguments section. The Office Action at page 2 states, 

A domain, as taught by Botz, does not define security divisions as claimed 
in Appellant's claims. Rather, the domain of Botz' s invention defines 
general logical divisions ('The domain 1410 represents a logical division 
for managing user identities. A domain 1410 can be a company, a 
division within a company, a building within a division, or any other 
division that indicates a physical relationship. Furthermore, a domain 
1410 can be strictly logical divisions, such as hourly employees and 
salaried employees," col. 9:60-65) As outlined in the rejections below, 
Appellant's claimed recitation of a native format of a first and second 
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security domains are in fact suggested by the various environments which 
utilize different security protocols (see fig. 10). As taught by Botz, each 
local user identity on their respective security environments is mapped to 
the other local user identities via an enterprise identifier, (col. 9:46-54) 
For these reasons, Botz anticipates claims 1-6, 10-15, 19-24, and 27. 

Appellants understand this statement from the Office Action as an assertion that Botz's 
domains are not security domains, as claimed in the present application, but Botz's 
various environments, disclosed in Fig. 10, suggest security domains, as claimed in the 
present application. Appellants respectful 1 y note in response, however, that Botz at 
column 7, lines 35-40, discusses the "various environments* of Fig. 10, stating: 

Now we see from FIG. 10 how die preferred embodiments allow the 
system administrator to correlate the single global identifier 1010 to 
several different local user identities in different user registries. We 
assume that this user has a local user identity JohnASmith in the AS4GQV1 
registry 

That is, Bbtz's 'various: environments ? are user registries. Botz*s user registries are not 
security domains, as claimed in the present application. In the original specification at 
page 8, line 29, Appellants describe a security domain, stating that u a security domain 
represents a single unit of security administration and trust" Furthermore, Appellants 
define trust as u the characteristic that one system entity is willing to rely upon a second 
entity to execute actions or to make assertions about system entities or scopes/' See 
Appellants' original specification at page 8, lines 30-3 1 In contrast to a single unit of 
security administration and trust, Botz defines a user registry as u a list of users and 
information, such as a user ID and password, that are used to authenticate a user when the 
user requests access to the network," See Botz at column 1, lines 3 1 -33. That is, Botz 
discloses different locations on a network that contain lists of users and security 
information that is used, to authenticate a user when the user requests access to the 
network. A location containing lists of users and security information that can be used to 
authenticate a user when the user requests access to the network discloses different 
locations containing security information - not security domains representing a single 
unit of security administration and trust. Because Botz does not disclose each and even' 
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element and limitation of Appellants' claims, Botz does not anticipate Appellants' 
claims, and the rejections under 35 U.S ,C § 1 02 should he withdrawn. 

Botz Does Not Enable Each and Every Element 
Of The Claims Of The Present Application 

Not only must Bote disclose each and every element of the claims of the present 
application within the meaning of Verdegaal in order to anticipate Appellants' claims, 
but also Botz must be an enabling disclosure of each and every element of the claims of 
the present application within the meaning of In re Hoeksema. In Hoeksema, the claims 
were rejected because an earlier patent disclosed a structural similarity to the Appellant's 
chemical com pound. The court in Hoeksema stated: "We think it is sound law, 
consistent with the public policy underlying our patent law, that before any publication 
can amount to a statutory bar to the grant of a patent, its disclosure must be such that a 
skilled artisan could talke its teachings in combination with his own knowledge of the 
particular art ami-be iri possession of the invention/' In re Hoeksema, 399 F.2d 269 ? 273, 
158 USPQ 596, 600(GCRA 1968). The meaning of Hoeksema for the present case is that 
unless Botz places Appellants" claims in the possession of a person of ordinary skill in 
the art, Botz is legally insufficient to anticipate Appellants' claims under 35 U.S.C. § 
102. As explained above, Botz does not disclose each and every element and limitation 
of independent claim 1 of the present application. Because Botz does not disclose each 
and every element, Botz cannot possibly place the elements and limitations of the 
independent claims in the possession of a person of ordinary skill iri the aft. Botz cannot, 
therefore; anticipate claim 1 of the present application. 

Relations Among Claims 

Independent claims 10 and 19 are system and computer program product claims for cross 
domain security information conversion corresponding to independent method claim 1 . 
For the same reasons that Botz does not disclose a method for cross domain security 
information conversion, Botz also does not disclose a system and computer program 
product for cross domain security domain security information conversion corresponding 
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.tei^nde^nd^'claiia:)S^10.aiiid 19. independent elaims lOand 19 are therefore patentable 
and should be allowed. 

Claims 2^6, 11-1 5, 20-24, and 27 depend from independent claims 1,10, and 1 9; Each 
dependent claim: includes all of the limitations of die independent claim from which it 
depends. Because Botz does not disclose or enable each and e very element of the 
independent claims, Botz does hot disclose or enable each and every element of the 
dependent claims of the present application. As such, claims 2-6* 11-15, 20-24, and 27 
are also patentable and should be allowed, 

Botz Does Not Disclose Each And Every Element Of The 
Dependent Claims Of The Present Application 

In addition to the feet that Botz does not disclose each and every element and limitation 
of the claim 1 of the presentapplication, there is another reason that Botz does not 
disclose each and every element and limitation of the dependent claims of the present 
application - that is, Botz itself does not disclose each and every element and limitation 
of the dependent claims, Consider dependent claims 3 and 6 as examples. 

the Office Action takes the posi tion that Botz at column 14* lines 23-34 discloses the 
following limitation recited in dependent claim 3 of the present application: receiving 
security information further comprises recei ving a request for security information for the 
second security domain, wherein the request encapsulates the security information in a 
native format of a first security domain. Appellants note in response, however, that what 
Botz at column 1 4, lines 23-34 in fact discloses is: 

Once the relationship between the local user identities and the global 
identities is established, the infrastructure can then be used to determine 
from one local user identity a corresponding local user identity in a 
different user registry. The identity mapping mechanism thus allows user 
information in one environment to automatically retrieve user information 
in a different environment, thereby avoiding the necessity of the user 
remembering multiple usemames and passwords. Once a user it authorized 
to the network, and requests access to a resource f the security semantics 
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for obtaining access to the resource may be satisfied by invoking the 
appropriate EJM APIs and submitting the appropriate security 
information. 

That is, Boiz at column l4 ? lines 23-34 discloses a user requesting access to a resource: 
Botz ; s user requesting access to a resource does not disclose receiving security 
infonnationfe a request for security information for the second 

security domain, wherein the request encapsulates the security information in a native 
format 6f-a''fij^ ! $ecurliy domain, as claimed in the present application, because Bote's 
request for a resource is not a : request for security information for the second security 
domain. In contrast to a request for security information for the second security domain, 
Botz' request is for a resource. As discussed above, Botz does not disclose 'security 
domains/ Without disclosing security domains, Botz cannot disclose receiving security 
information further comprises receiving a request for security information for the second 
security domain, wherein the request encapsulates the security information in a native 
format of a &st security domain, as claimed in the present application. Because Botz 
does not disclose each and every element and limitation of Appellants' claim 2 9 Botz 
does not anticipate Appellants' claim, and the rejections under 35 U.S.C. § 1 02 should be 
withdrawn, 

'The- Office Action takes the position that Botz at figures 16-2 1 discloses the following 
limitation recited in dependent claim 6 of the present application: translating the security 
information in a native format of a first security domain to a canonical format is carried 
out through a procedural software function. Appellants note in response, however, that 
what Botz at figures 16-21 in fact discloses is block diagrams showing APIs that are 
included in the EJM ("Enterprise Identity Mapping") APIs ("Application Programming 
Interfaces**). Bote's APIs that are included in the E1M do not disclose translating the 
security information in a native format of a first security domain to a canonical format is 
carried out through a procedural software function. In the original specification. 
Appellants at page 1 5, line 3 1 - page 1 6, line 2, define a canonical format as a is data 
format for security information that is standardized for use in data transformations of 
security, information/- In contrast to security information that is translated from one 
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format to 4 data format that is standardized for use In data transformations of security 
information. In fact, at no point in the reference does Botz discuss the topic of translating 
data formats or even mention the keyword ''canonical." Without disclosing translating 
data. formats, Botz does not disclose translating the security information to a canonical 
format. for security information is carried out through a procedural software function, as 
claimed in the present application. Because Botz does not disclose each and every 
element arid limitation of Appellants 5 claims, Botz does not anticipate Appellants' 
claims, and the rejections under 35 U.S.C. § 102 should be withdrawn. 

Relations Among Claims 

Claims 3 and 6 recites method aspects for cross domain security information conversion 
according to embodiments of the present invention. Claims 12 and 21 respectively claim 
system and computer program product aspects corresponding to claim 3. Claims 1 5 and 
24 respectively claim system and computer program product aspects corresponding to 
claim 6. Claims 3 and 6 are allowable for the reasons set forth above. Claims 12 and 21 
are allowable for the same reasons that claim 3 is allowable. Claims 15 and 24 are 
allowable for the same reasons that claim 6 is allowable. The rejections of claims 12, 15, 
21, and 24 therefore should be withdrawn, and claims 1 2, 1 5, 21 s and 24 should be 
allowed. 

Argument Regarding The Third Ground Of Rejection On Appeal: 
Claims 7-9, 16-18, 25-26, and 28 Are Rejected Under 35 U.S.C. 103(a) 
As Being Unpatentable Over Bote In View Of Bussler 

Claims 7-9. 16-1/8, 25-26, and 28 stand rejected for obviousness under 35 U.S.C. § 103 as 
being unpatentable over Botz in view of Bussler, et ai (U.S. Patent No. 7,072,898). The 
question of whether Appellants claims are obvious or not is examined in light of: (1 ) the 
scope and content of the prior art; (2) the differences between the claimed invention and 
the prior art; (3) the level of ordinary skill in the art; and (4) any relevant secondary 
considerations, including commercial success, long felt but unsolved needs, and failure of 
others. KSR hit 'I Co. v. Telejlex Inc., No. 04-1350, slip op. at 2 (U.S. April 30, 2007). 
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•Although Appellants recognize that such an inquiry is an expansive and flexible one, the 
Office Action must nevertheless demonstrate a prima facie case of obviousness to reject 
Appellants claims under for obviousness under 35 U.S.C. § 103(a). In re Khan, 441 F.3d 
977, 985-86 (Fed. Cm 20.06). To establish a prima fecie case of obviousness, the 
proposed combination of the references must teach or suggest al l of the claim limitations 
of dependent claims 7-9, 16.18, 25-26, and 28, In re Roykci, 490 F.2d 981 , 985, 180 
BSPQ 580, 583 (CCPA 1974). Dependent claims 7-9, 1 6-1 8, 25-26, and 28 depend from 
independent elaims 1, 10, and 19 and include all the limitations of the independent claims 
from which'they depend. In rejecting dependent claims 7-9, 16-18, 25-26, and 28, the 
Office Action relies on Botz as disclosing each and every element of independent claims 
1, 10 ? and 19. As shown above, Botz in fact does not disclose each and every element of 
independent claims 1,10, and 19. Moreover, Bussler does not cure the deficiencies of 
Botz in disclosing each and every element and limitation of independent claims 1, 10, and 
19. Because Botz does not disclose each and every element of i ndependent claims 1 , 10, 
and 19 and because Bussler does not cure the deficiencies of Botz, the combination of 
Botz and Bussler cannot possibly disclose each and every element of dependent claims 7- 
9, 16-18, 25-26, and 28. The proposed combination of Botz and Bussler. therefore, 
cannot be used to establish a prima facie case of obviousness, and the rejections 35 
U.S.C. § 103(a) should be withdrawn. 

In addition to Botz and Bussler not disclosing each and every limitation of the 
independent claims, the combination of Botz and Bussler also does not disclose the other 
limitations of Appellants dependent claims. Specifically, Appellants note that the 
combination of Botz and Bussler does not disclose the following limitations: mapping a 
system entity's identity in the first security domain to a another identity in the second 
security domain; receiving a request for security information for the second security 
domain, wherein the request encapsulates the security information in a nati ve format of a 
first security domain; translating the security information in a native format of a first 
security domain to a canonical format is carried out through a procedural software 
function; the native format of the first security domain is expressed in XML. the 
canonical format is expressed in XML. and translating the security information in a 
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native foVrnat of a first ..security domain to a canonical format is carried out in dependence 
upon a mapping, expressed in XSL, from the native format of the first security domain to 
a canonical format; the canonical format is expressed in XML and the predefined 
mapping from the first security domain to a second security domain is expressed in XSL; 
and the second native format is expressed in XML, the canonical format is expressed in 
XML. and translating the transformed security information in the canonical format to a 
nati ve format of the second security domain is carried out in dependence upon a 
predefined mapping, expressed in XSL, from the canonical format to the native format of 
the second security domain . 

Conclusion of Appellants' Arguments 

The Office Action rejects claims 10-28 under 35 U.S.C. § 101 as being directed to non- 
statutory subject matter. As explained above, Appellants' claims 10-28 are directed 
toward statutory subject matter entitled to patent protection under 35 U.S.C § 10 1, 
Appellants therefore respectfully traverse the rejection and request reconsideration of 
claims I0r2& 

Claims 1-6, 10-15, 19-24, and 27 stand rejected under 35 U.S.C. § 102 as being 
anticipated by Botz. Botz does not disclose each and every element of Appellants' claims 
and does not enable Appellants' claims. Botz therefore does not anticipate Appellants" 
claims. Claims 1-6, 10-15, 19-24, and 27 are therefore patentable and should be allowed. 
Appellants respectfully request reconsideration of claims 1-6, 10-15, 19-24, and 27. 

Claims 7-9, 16-18, 25-26, and 28 stand rejected under 35 U.S.C, § 103 as obvious over 
Botz in view of Bussler. The combination of Botz and Bussler does not teach or suggest 
each and every element o f Appellants' claims. Claims 7-9, 16-18, 25-26, and 28 are 
therefore patentable and should be allowed. Appellants respectfully request 
reconsideration of claims 7-9, 16-18, 25-26, and 28. 

In view of the arguments above, reversal on all grounds of rejection is requested. 
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The Commissioner is. hereby authorized to charge or credit Deposit Account No. 09-0447 
for any lees; required or overpaid. 



Date; September 8. 2008 
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APPENDIX OF CLAIMS 
ON APPEAL IN PATENT APPLICATION OF 
MATTHEW PAUL DUG CAN, ETAL, SERIAL NO. 10/815,213 

CLAIMS 

What is claimed is: 

L A.iilie^Qd^fer-(Mss--d&ifiarn security information conversion, the method 
comprising: 

receiving from a system entity, in a security service, security information in a 
native format of a first security domain regarding a system entity having an 
identity in at least one security domain; 

translating the security information to a canonical format for security information; 

transforming the security information in the canonical format using a predefined 
mapping from the first security domain to a second security domain; 

translating the transformed security information in the canonical format to a 
native format of the second security domain; and 

returning to the system entity the security information in the native format of the 
second security domain. 

2; The method of claim I wherein transforming the security information includes 
structure transformation and value transformation, including mapping a system 
entity's identity in the first security domain to a another identity in the second 
security domain. 
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lli&met&dd'tif ~el^ 1 wherein receiving security information further comprises 
receiving a request for security information for the second security domain, 
wherein the request encapsulates the security information in a native format of a 
first security domain. 

The method of claim 3 wherein the system entity comprises a system entity 
requesting access to a resource in the second security domain. 

The method of claim 3 wherein the system entity comprises a system entity 
providing access to a resource in the second security domain, 

The method of claim 1 wherein translating the security information in a native 
format of a first security domain to a canonical format is carried out through a 
procedural software function. 

The method of claim 1 wherein the native format of the first security domain is 
expressed in XML, the canonical format is expressed in XML, and translating the 
security information in a native format of a first security domain to a canonical 
format is carried out in dependence upon a mapping, expressed in X3L, from the 
nati ve format of the first security domain to a canonical format. 

The method of claim 1 wherein the canonical format is expressed in XM L and the 
predefined mapping from the first security domain to a second security domain is 
expressed in XSL. 

The method of claim 1 wherein the second native format is ex pressed in XM L, 
the canonical format is expressed in XML, and translating the transformed 
security information in the canonical format to a native format of the second 
security domain is carried out in dependence upon a predefined mapping, 
expressed in XSL, from the canonical format to the native format of the second 
security domain, 
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A system for cross domain security information conversion, the system 
comprising: 

means for receiving from a system entity, in a security service, security 
information in a native format of a first security domain regarding a system entity 
having an identity in at least one security domain; 

means for translating the security information to a canonical format for security 
information; 

means for transforming the security information in the canonical format using a 
predefined mapping from the first security domain to a second security domain; 

means for translating the transformed security information in the canonical format 
to a native format of the second security domain; and 

means for returning to the system entity the security information in the native 
format of the second security domain. 

The system of claim 10 wherein means for transforming the security information 
includes means for structure transformation and value transformation, including 
means for mapping a system entity's identity in the first security domain to a 
another identity in the second security domain. 

The system of claim 10 wherein means for receiving security information further 
comprises means for receiving a request for security infonnation for the second 
security domain, wherein the request encapsulates the security information in a 
native format of a first security domain. 
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13. The system of claim 12 wherein the system entity comprises a system entity 
requesting access to a resource in the second security domain. 

14. The system of claim 1 2 wherei n the system enti ty comprises a system entity 
providing access to a resource in the second security domain. 

15. The system Of claim 10 wherein means for translating the security information in 
a native format of a first security domain to a canonical format comprises a 
procedural software function. 

16. The system of claim 10 wherein means for translating the security information in 
a native format of a first security domain to a canonical format comprises a 
mapping, expressed tin XSL, from the native format of the first security domain to 
a canonical format. 

1 7. The system of claim 10 wherein the canonical format is expressed in XML and 
the predefined mapping from the first security domain to a second security 
domain: is expressed in XSL 

18. The system of claim 10 wherein the second native format is expressed in XML, 
the canonical format is expressed in XML, and means for translating the 
transformed security information in the canonical format to a nati ve format of the 
second security domain comprises a predefined mapping, expressed in XSL, from 
the canonical format to the nati ve format of the second security domain. 

1 9. A computer program product for cross domain security information conversion, 
the computer program product comprising: 

a recording medium; 
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means, recorded ori the recording medium, for receiving from a computer 
program product entity, in a security service, security information in a native 
format of a first security domain regarding a computer program product entity 
having an identity in at least one security domain; 

means, recorded on the recording medium, for translating the security information 
to a canonical format for security information; 

means, recorded on the recording medium, for transforming the security 
information in the canonical format using a predefined mapping from the first 
security domain to a second security domain; 

means, recorded on the recording medium, for translating the transformed security 
informatibn in the canonical format to a native format of the second security 
domain; and 

means, recorded on the recording medium, for returning to the computer program 
product: entity the security information in the native format of the second security 
domain. 

The computer program product of claim 19 wherein means, recorded on the 
recording medium, for transforming the security information includes means, 
recorded on the recording medium, for structure transformation and value 
transformation, including means, recorded on the recording medium, for mapping 
a system entity's identity in the first security domain to a another identity in the 
second security domain. 

The computer program product of claim 19 wherein means, recorded on the 
recording medium, for receiving security information further comprises means, 
recorded on the recording medium, for receiving a request for security 
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information for the second security domain, wherein the request encapsulates the 
security information in a native format of a first security domain. 

22. The computer program product of claim 21 wherein the computer program 
product entity comprises a computer program product entity requesting access to 
a resource in the second security domain. 

23. The computer program product of claim 2 1 wherein the computer program 
product entity comprises a computer program product entity providing access to a 
resource in the second security domain. 

24. The computer program product of claim 19 wherein means, recorded on the 
recording medium, for translating the security information in a native format of a 
first security domain to a canonical format comprises a procedural software 
function. 

25* The computer program product of claim 1 9 wherein means, recorded on the 

recording medium, for translating the security information in a nati ve format of a 
first security domain to a canonical format comprises a mapping, expressed in 
XSL, from the native format of the first security domain to a canonical format. 

26. The computer program product of claim 19 wherein the canonical format is 
expressed in XML and the predefined mapping from the first security domain to a 
second security domain is expressed in XSL. 

27. The computer program product of claim 1 9 wherein means, recorded on the 
recording medium, for translating the transformed security information in the 
canonical format to a native format of the second security domain comprises a 
procedural software function. 
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The c&npute r program product of claim 1 9 wherein ..the second native format is 
expressed in )(ML r the canonical formal: is expressed in XML. and means, 
recorded on the recording medium, for translating the transformed security 
information in the canonical format to a native format of the second security 
doinairi comprises a predefined mapping, expressed in XSL, from the canonical 
forniatrtd the nati ve format of the second security domain. 
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APPENDIX OF EVIDENCE 
ON APPEAL IN PATENT APPLICATION OF 
MATTHEW PAUL DUGGAN, ETAL., SERIAL NO. 10,815,213 

This is an evidence appendix in accordance with 37 CFR § 41.37(c)(l)(ix). 

There is in this case no evidence submitted pursuant to 37 CFR §§ 1.130, 1.131, or 1.132, 
nor is there in this case any other evidence entered by the examiner and relied upon by 
the Appellants. 
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RELATED PROCEEDINGS APPENDIX 



This is a related proceedings appendix in accordance with 37 CFR § 41 .37(c)( 1 )(x). 
There are no decisions rendered by a court or the Board in any proceeding identified 
pursuant to 37 CFR § 41 .37(c)(!)(ii). 
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